Why it's past time to modernize the FITARA scorecard
COMMENTARY | Another reset is needed to keep the FITARA scorecard relevant in driving IT management best practices across federal agencies
For the past nine years, the Federal Information Technology Acquisition Reform Act has positively and significantly impacted federal agencies to accelerate their IT modernization and reduce costs. A 2022 Government Accountability Office study found that FITARA had saved U.S. citizens $24.8 billion since its enactment.
While the FITARA legislation itself is valuable, consistent oversight from Congress has been essential to its success. The FITARA scorecard has helped to spotlight the efforts, or lack of effort, of agencies in advancing IT management. However, as we testified in January 2022 at the House Oversight and Accountability Committee hearing on FITARA, the scorecard must evolve if it’s to remain an effective tool in measuring an agency’s IT management maturity.
As part of a project team of 11 former federal IT leaders tapped by the American Council for Technology and Industry Advisory Council, we researched how best to update the FITARA scorecard based on current best practices in IT management tailored for use in the federal government. Our September 2022 report offered a series of recommendations, including using cloud computing to replace aging on-premises infrastructure, modernizing agency systems, addressing cybersecurity challenges, strengthening CIO authorities within an agency, and perhaps most importantly, addressing the growing challenges confronting the IT workforce, including recruitment, development and retention.
We acknowledge and applaud an improvement in the latest Scorecard (Version 17, issued January 2024) that aligns with the ACT-IAC report’s recommendation regarding the use of working capital funds dedicated to IT investment. However, since the publication of the ACT-IAC report 18 months ago, little else has changed in the scorecard, and what has changed has created challenges for agency CIOs in implementing modern management best practices. We recommend that Congress act quickly to revamp the scorecard in the following three areas:
- Incremental development – The scorecard still has a category measuring an agency’s ability to develop IT systems incrementally and deploy them to production at least every six months. Given the pervasive use of agile techniques across all systems development today, the current measure is anachronistic. We recommend that it be replaced with a “Modern System Development Practices” category. The new category would measure an agency’s establishment and use of Agile techniques and a DevSecOps pipeline across all systems development. The measure also should incorporate the use of modern customer experience practices for all interactive systems.
- CIO investment evaluation – FITARA requires agency CIOs to categorize their major investments by risk. Grades are based on the percentage of major investments that the CIO has evaluated within the present and prior fiscal years. We appreciate the need for transparency, but such a measure does little to incentivize an agency to put the proper project management disciplines in place to lower overall project risk. We recommend establishing an “IT Modernization Planning and Delivery” category instead, which will codify the need for agencies to do proper IT modernization planning and develop the project management execution capability to deliver on those plans.
- Use of cloud computing – Congress added a new cloud computing category in the latest version of the FITARA scorecard. This would appear to align well with the ACT-IAC recommendations. However, with the support of GAO, Congress elected to measure this category based on five requirements. These sought to ensure that: the CIO can oversee modernization; agency cloud-related policies and guidance are iteratively improved; service level agreements are in place; service level agreement contracts are standardized; and visibility in high-value asset contracts is continuously ensured.
While all five of these requirements are good for an agency to achieve, none of them directly addresses what we believe to be most important: does an agency have a solid plan based on rigorous analysis and prioritization for migrating legacy systems to the cloud and what progress has an agency made in migrating systems to the cloud based on its plan?
In the latest version of the scorecard, a leading agency with a well-planned and aggressive cloud migration approach received an “F” in the cloud category because of the way that progress is being measured — cementing the view among many CIOs that the scorecard doesn’t support their modernization efforts.
It’s vital for Congress to regain the trust and cooperation of agency CIOs by collaborating with them on scorecard revisions. Many CIOs are eager to improve, and we believe their insights can be incorporated without compromising Congress’ independence and oversight responsibility. Congress and GAO also should work closely with the Federal CIO Council and the Office of Management and Budget on any scorecard revisions.
Congress can and should leverage the capabilities of non-profit organizations that focus on improving government. ACT-IAC and other organizations, such as the Partnership for Public Service and the National Academy of Public Administration, are open to offering their expertise.
It’s time for another reset on the FITARA scorecard to keep it relevant in driving IT management best practices across federal agencies. We, along with others in the federal IT community, stand ready to help.
Dave Powner is executive director of the Center for Data-Driven Policy at MITRE and formerly led IT audit reviews at the Government Accountability Office.
.
Richard Spires is an independent consultant and author with 40 years experience in public- and private-sector IT management. He has previously served as chief information officer of the IRS and the Department of Homeland Security.
NEXT STORY: Overcoming technical debt and accelerating modernization